Network Address Port Translation
Network address port translation (NAPT), also referred to as Port Address Translation (PAT) or IP masquerading, is the most widely deployed type of NAT. NAPT maps both TCP/UDP port numbers and IP addresses. With NAPT, multiple internal hosts can access the external network simultaneously using a single official external IP address. Because port numbers, as well as IP addresses, are mapped, extensive connection state information must be maintained on the NAT device.
The visual shows how NAPT works. Note that the internal network hosts are assigned IP addresses in the private 10.0.0.0 network. Hosts A and B on the private network have TCP connections open to Internet servers C and D, respectively. As the connection from host A passes through the NAPT device, it is mapped to the external IP address of the NAPT device (184.108.40.206) and port number 5678. The port number 5678 was assigned when the connection was first initiated. Server C on the Internet sees a connection coming from 220.127.116.11 with port number 5678. Likewise, a connection from internal host B to Internet server D is mapped to 18.104.22.168 with port number 5679. Packets coming back from the servers will be addressed to the NAPT device at 22.214.171.124 using the appropriate TCP port number. The NAPT device will use the incoming TCP port number to determine which of the internal hosts receives the packet. It will translate the 126.96.36.199 address into the correct internal IP address and will map the incoming port number to the correct port number on the internal host—in the case of host A, it will change the incoming TCP port 5678 into TCP port 2345.
A NAPT device with a single, officially assigned external IP address could conceivably accommodate up to 65,000 internal connections! The actual number depends on the number of TCP/UDP port numbers supported on the NAT device.
|<mp3>http://podcast.hill-vt.com/podsnacks/2007q1/nat-napt.mp3%7Cdownload</mp3> | NAT vs. NAPT|